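#!/bin/bash
#
# Keep an OpenConnect VPN session alive: connect, and whenever openconnect
# exits, wait three seconds and connect again until interrupted with Ctrl-C.
#
# Credentials:
#   On macOS the server, username, TOTP seed and account password are read
#   from keychain generic-password items, looked up by label.
#   OC_SERVER, OC_USERNAME, OC_SEED and OC_PASSWORD, when non-empty,
#   override the corresponding value on any platform.
#
# Files:
#   routes.txt           looked up in the current directory; when present,
#                        routing.sh (next to this script) is passed to
#                        openconnect via --script.
#   hostscan-bypass.sh   passed to --csd-wrapper as a relative name.
#
# NOTE(review): hostscan-bypass.sh and routes.txt are given as relative names
# while routing.sh is anchored to this script's directory, and openconnect is
# started through sudo. Run this only from a directory you control, or
# anchor both names to "$SCRIPTPATH" once their location is confirmed.

# Read from keychain on macOS by default.
if [[ "$OSTYPE" == "darwin"* ]]; then
  SERVER=$(security find-generic-password -l "Openconnect VPN Server" -w)
  USERNAME=$(security find-generic-password -l "Openconnect Username" -w)
  SEED=$(security find-generic-password -l "Openconnect TOTP Seed" -w)
  PASSWORD=$(security find-generic-password -l "Openconnect Account Password" -w)
fi

# Allow reading from environment: a non-empty OC_* variable wins, otherwise
# the value obtained above (or inherited from the environment) is kept.
SERVER=${OC_SERVER:-${SERVER:-}}
USERNAME=${OC_USERNAME:-${USERNAME:-}}
SEED=${OC_SEED:-${SEED:-}}
PASSWORD=${OC_PASSWORD:-${PASSWORD:-}}

# Stop early when a value is missing instead of retrying forever with a
# malformed command line. Only the variable name is printed, never its value.
for required in SERVER USERNAME SEED PASSWORD; do
  if [[ -z "${!required}" ]]; then
    printf 'Missing %s: set OC_%s or add the keychain item.\n' \
      "$required" "$required" >&2
    exit 1
  fi
done

SCRIPT=$(realpath "$0")
SCRIPTPATH=$(dirname "$SCRIPT")
ROUTE_FILE=routes.txt

# SIGINT handler: stop openconnect and leave the reconnect loop.
# killall matches by process name, so every openconnect process this user is
# allowed to signal is affected, not only the one started below.
function ctrl_c() {
  killall openconnect
  echo "Bye!"
  exit
}

# trap ctrl-c and call ctrl_c()
trap ctrl_c INT

# Optional arguments are kept in an array so the script path reaches
# openconnect as one word, without literal quote characters and without
# being split on spaces.
script_args=()

while true; do
  echo "Connecting to VPN"

  if [[ -f "$ROUTE_FILE" ]]; then
    script_args=("--script=$SCRIPTPATH/routing.sh")
  fi

  # The password goes through stdin (printf is a builtin, so it never shows
  # up in a process listing); printf also prints it verbatim where
  # `echo $PASSWORD` would split, glob or treat a leading "-n" as an option.
  #
  # NOTE(review): the TOTP seed is still passed on the command line and is
  # readable by other local users through the process list while openconnect
  # runs. openconnect documents a --token-secret=@FILENAME form; consider
  # moving the seed into a file with restrictive permissions after
  # confirming the expected file format.
  printf '%s\n' "$PASSWORD" | sudo openconnect \
    --csd-wrapper hostscan-bypass.sh \
    --passwd-on-stdin \
    --os=mac-intel \
    "${script_args[@]}" \
    --token-mode=totp \
    --token-secret="sha1:base32:$SEED" \
    -u "$USERNAME" \
    "$SERVER"

  echo "Openconnect closed. Waiting 3 seconds."
  sleep 3
done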